Home > mailing lists

Re: Restrict ALTER FUNCTION CALLED ON NULL INPUT (was Re: Not quite a security hole: CREATE LANGUAGE for non-superusers) - Mailing list pgsql-hackers

From	Kevin Grittner
Subject	Re: Restrict ALTER FUNCTION CALLED ON NULL INPUT (was Re: Not quite a security hole: CREATE LANGUAGE for non-superusers)
Date	June 12, 2012 21:08:26
Msg-id	4FD7696902000025000483A4@gw.wicourts.gov Whole thread Raw
In response to	Re: Restrict ALTER FUNCTION CALLED ON NULL INPUT (was Re: Not quite a security hole: CREATE LANGUAGE for non-superusers) (Stephen Frost <sfrost@snowman.net>)
Responses	Re: Restrict ALTER FUNCTION CALLED ON NULL INPUT (was Re: Not quite a security hole: CREATE LANGUAGE for non-superusers)
List	pgsql-hackers

Tree view

>Stephen Frost <sfrost@snowman.net> wrote: 
> If we had an independent way to have the function run as a
> specific user, where that user DIDN'T own the function, I think
> Kevin's use case would be satisfied.
I agree.  I'm not sure quite what that would look like, but maybe
SECURITY ROLE <rolename> or some such could be an alternative to
SECURITY INVOKER and SECURITY DEFINER.  (I haven't looked to see
what the standard has here.)
-Kevin

pgsql-hackers by date:

From: Tom Lane
Date: 12 June 2012, 21:07:10
Subject: Re: Restrict ALTER FUNCTION CALLED ON NULL INPUT (was Re: Not quite a security hole: CREATE LANGUAGE for non-superusers)

From: Alvaro Herrera
Date: 12 June 2012, 21:11:05
Subject: Re: [COMMITTERS] pgsql: Mark JSON error detail messages for translation.

Re: Restrict ALTER FUNCTION CALLED ON NULL INPUT (was Re: Not quite a security hole: CREATE LANGUAGE for non-superusers) - Mailing list pgsql-hackers

Previous

Next